Drive your SOC forward with solutions trusted by 15,000 businesses worldwide

✅ Get bonus licenses for ANYRUN's Interactive Sandbox
✅ Double your cyber threat investigations quota with TI Lookup

Just 4 days left 👉 https://thn.news/anyrun-plans-spring-tg

🚨 AI agents are leaking secrets—and no one's watching.

Enterprises now manage 45+ machine identities per user—from chatbots to CI/CD bots. In 2024 alone, 23.7M secrets leaked on GitHub. AI tools like Copilot worsened this by 40%.

NHIs don’t rotate keys. Don’t log off. Don’t forget.

🔒 Learn how to lock down AI agents → https://thehackernews.com/2025/05/ai-agents-and-nonhuman-identity-crisis.html

👀 Your Docker containers might be mining crypto—without you knowing.

A new malware is hijacking exposed Docker APIs, spreading like a worm, and turning systems into a crypto-mining botnet—no C2 server required.

🔍 See how it spreads: https://thehackernews.com/2025/05/new-self-spreading-malware-infects.html

🚨 Hackers built a fake Bitdefender site to push Venom RAT—stealing passwords, crypto, and control.

Behind it? A stealthy combo of open-source tools, MFA bypass tricks, and real-time phishing tactics. You won’t believe what they’re exploiting now.

Read: https://thehackernews.com/2025/05/cybercriminals-clone-antivirus-site-to_4.html

Apple blocked $9B+ in App Store fraud.

In 2024 alone:
🔥 $2B in fake transactions stopped
🚫 139K shady devs rejected
👤 129M bogus accounts banned

From malware to manipulated reviews—fraud is evolving fast.

👉 See what’s under the hood: https://thehackernews.com/2025/05/apple-blocks-9-billion-in-fraud-over-5.html

🚨 One Day. 251 IPs. 75 Targets.

Experts detected a wave of Japan-based, Amazon-hosted IPs scanning 75 exposure points in hours.

CVEs hit: ColdFusion (CVE-2018-15961), Struts (CVE-2017-5638), Elasticsearch (CVE-2015-1427)

See what was targeted → https://thehackernews.com/2025/05/251-amazon-hosted-ips-used-in-exploit.html

🚨 A new zero-day is under attack — and it’s making money off your CMS.

Hackers are hijacking Craft CMS via a fresh zero-day to mine crypto and sell your bandwidth — all with stealthy new tools. One odd Python trick might help you spot them.

Learn more: https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html

⚠️ You passed MFA. But your session didn’t.

A new attack, Browser-in-the-Middle, tricks users into typing passwords on a hacker’s browser—without knowing it.

It’s fast, invisible, and bypasses MFA.

Learn how it works—and how to stop it before it hits you. 👇 https://thehackernews.com/2025/05/how-browser-in-middle-attacks-steal.html

🚨 A new botnet is quietly hijacking Linux-based IoT devices.

PumaBot is targeting embedded Linux IoT devices—brute-forcing SSH, mining crypto, and hijacking credentials.

It impersonates Redis, evades honeypots, and survives reboots using systemd persistence.

🔗 Read: https://thehackernews.com/2025/05/new-pumabot-botnet-targets-linux-iot.html

🚨 Session hijacking just replaced password theft.

Attackers now buy live access to Microsoft 365, AWS, Slack—no passwords, no MFA needed.

Flare analyzed 20M+ stealer logs. What they found changes everything.

👉 How fast it happens—and how to stop it: https://thehackernews.com/2025/05/from-infection-to-access-24-hour.html

🚨 WARNING →

Apps like ChatGPT and Trello can access your entire OneDrive cloud via Microsoft’s File Picker—even if you upload just one file.

🔓 Overly broad permissions, vague prompts. No fix yet.

🔗 See what’s at risk → https://thehackernews.com/2025/05/microsoft-onedrive-file-picker-flaw.html

🚨 China accused of cyber espionage—again.

Czech Republic publicly blames APT31, a state-linked hacking group, for targeting its Foreign Ministry since 2022. The attack hit critical infrastructure.

🔗 Read the full story: https://thehackernews.com/2025/05/czech-republic-blames-china-linked.html

🚨 Iranian Hacker Pleads Guilty in U.S. Ransomware Case

Sina Gholinejad, 37, admitted to leading Robbinhood ransomware attacks that hit U.S. cities like Baltimore and Greenville between 2019–2024.

💥 $19M+ in damages
💥 City services shut down for months
💥 Used stolen access + vulnerable drivers to avoid detection
💥 Laundered ransom through crypto mixers

He faces up to 30 years in prison.

👉 Read the full story: https://thehackernews.com/2025/05/iranian-hacker-pleads-guilty-in-19.html

🚨 0-day Alert: Unpatched flaw threatens 100K+ WordPress sites

A critical vulnerability (CVE-2025-47577, CVSS 10.0) in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files.

🔗 Full details → https://thehackernews.com/2025/05/over-100000-wordpress-sites-at-risk.html

🚨 Google Calendar… as malware C2? You read that right.

Chinese APT41 hackers hijacked a govt site to launch a stealth campaign using malware dubbed TOUGHPROGRESS—leveraging Google Calendar events to send commands & exfiltrate data.

Find details here — https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html

🎭 Phishing scams are down 20%—but don’t celebrate yet.

Hackers are now using GenAI to launch hyper-targeted attacks on HR and finance teams. The game changed. Are your defenses ready for what’s coming next?

🛡️ Read the full 2025 report: https://thehackernews.com/expert-insights/2025/05/zscaler-threatlabz-2025-phishing-report.html

🚨 UPDATE: 9,000 ASUS routers hijacked in silent global attack. Hackers gained persistent access using a known flaw—no malware, no alerts.

Linked to the same group behind the Cisco honeypot botnet.

The real plan? It’s just starting... 👀

Read: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html

🚨 Hackers hijacked a trusted IT tool to launch ransomware attacks across multiple companies in a supply chain breach.

👀 The twist? Another cyber gang may have quietly opened the door. The ransomware underworld is shifting.

Learn more: https://thehackernews.com/2025/05/dragonforce-exploits-simplehelp-flaws.html

🧬 New Malware Alert: Hides Using Broken File Headers!

Fortinet just uncovered a remote access trojan (RAT) that ran unnoticed for weeks—using corrupted DOS & PE headers to avoid detection.

🖥️ Turns your PC into a remote access hub
🔁 Supports multiple attacker sessions
🔐 Uses TLS to stay stealthy

🔗 Read the full story: https://thehackernews.com/2025/05/new-windows-rat-evades-detection-for.html

At Georgetown, gain the tactical skills to plan for and respond to information security threats. Attend our June 12 webinar.

Sign up now: https://thn.news/cyber-risk-2025-ig